11

CSC 474 Dr. Peng Ning 1

Computer Science

CSC 474 -- Network Security

Topic 6.2 User Authentication

CSC 474 Dr. Peng Ning 2

Computer Science

User Authentication Basics

CSC 474 Dr. Peng Ning 3Computer Science

Authentication and Identity

• What is identity?– which characteristics uniquely identifies a person?– do we care if identity is unique?

• Authentication: verify a user’s identity– a supplicant wishes to authenticate– a verifier performs the authentication

• What’s relationship of identity to role, or jobfunction?

22

CSC 474 Dr. Peng Ning 4Computer Science

User Authentication Can Be Based On…

1. What the user knows– passwords, personal information, a key, a credit

card number, etc.2. Where the user is or can be reached

– email address, IP address, …3. Physical characteristics of the user

– fingerprints, voiceprint, signature dynamics, irispattern, DNA, etc.

4. What the user has in their possession– smart card, (physical) key, USB token, …

CSC 474 Dr. Peng Ning 5Computer Science

Based on… (cont’d)

• Which of the above is best? best in whatway?

CSC 474 Dr. Peng Ning 6Computer Science

Crypto-Based Authentication

• Basic idea: user performs a requestedcryptographic operation on a value (achallenge) that the verifier supplies

• Usually based on knowledge of a key (secretkey or private key)

• Examples: RSA, zero knowledge proofs, …• we’ll look at such protocols in more detail next

time

33

CSC 474 Dr. Peng Ning 7Computer Science

Address-Based User Authentication

• Associates identity with network address oremail address– used by many web services

• Several early OS functions and tools workedthis way

• Benefits? Problems?

CSC 474 Dr. Peng Ning 8

Computer Science

Password Authentication

CSC 474 Dr. Peng Ning 9Computer Science

Password-Based User Authentication

• User demonstrates knowledge of a secret valueto authenticate– most common method of user authentication

• Threats to password-based authentication?

challenge

response

44

CSC 474 Dr. Peng Ning 10Computer Science

Some Issues for Password Systems

• A password should be easy to remember buthard to guess– that’s difficult to achieve!

• Some questions– what makes a good password?– where is the password stored, and in what form?– how is knowledge of the password verified?

CSC 474 Dr. Peng Ning 11Computer Science

Password Storage

• Storing unencrypted passwords in a file is high risk– compromising the file system compromises all the stored

passwords• Better idea: use the password to compute a one-way

function (e.g., a hash, an encryption), and store theoutput of the one-way function

• When user inputs the requested password…1. compute its one-way function2. compare with the stored value

CSC 474 Dr. Peng Ning 12Computer Science

Attacks on Passwords

• Suppose passwords could be up to 9 characterslong

• This would produce 1018 possible passwords;320,000 years to try them all at 10 million asecond!

• Unfortunately, not all passwords are equallylikely to be used

55

CSC 474 Dr. Peng Ning 13Computer Science

Example of a Study

• In a sample of over 3000 passwords:– 500 were easily guessed versions of dictionary

words or first name / last name– 86% of passwords were easily guessed

605(lower

case only)

7064774647215Number ofpasswords

654321Length incharacters

CSC 474 Dr. Peng Ning 14Computer Science

Common Password Choices

• Pet names• Common names• Common words• Dates• Variations of above (backwards, append a few

digits, etc.)

CSC 474 Dr. Peng Ning 15Computer Science

Online Dictionary Attacks

• Can statically create a dictionary of all such choices• Guess passwords using a dictionary• Send guesses to verifier for confirmation or refutation

• Effective? Possible defensive techniques?

challenge

response

Dictionary

66

CSC 474 Dr. Peng Ning 16Computer Science

Offline Dictionary Attacks

• Obtain password file with hashed password values• Guess passwords, compute hash, and compare with

values stored in file– much faster than offline attacks!

• Effective? Possible defenses?

challengeresponseDictionary

CSC 474 Dr. Peng Ning 17Computer Science

“Salting” the Password

• Many systems append to each password a randomvalue (salt) before computing the one-way function– value is fixed and unique per user– stored with user’s hash value in the password file

• Increases the effort required for offline dictionaryattacks– each bit of salt doubles the effort required– dictionaries with precomputed hashes of common

passwords will not be useful• Doesn’t increase resistance to online attacks?

CSC 474 Dr. Peng Ning 18Computer Science

Example: Unix Passwords

• Keyed password hashes are stored, with two-character (16 bit) salt prepended– password file is publicly readable

• Users with identical passwords but differentsalt values will have different hash values

77

CSC 474 Dr. Peng Ning 19Computer Science

Password Guidelines For Users

1.Initial passwords are system-generated, have tobe changed by user on first login

2.User must change passwords periodically3.Passwords vulnerable to a dictionary attack are

rejected4.User should not use same password on

multiple sites5.etc. etc.

CSC 474 Dr. Peng Ning 20Computer Science

Other Password Attacks

• Technical– eavesdropping on traffic that may contain

unencrypted passwords (especially keystrokelogging)

– “trojan horse” password entry programs– man-in-the-middle network attack

• “Social”– careless password handling or sharing– phishing

CSC 474 Dr. Peng Ning 21

Computer Science

The S/Key Protocol

88

CSC 474 Dr. Peng Ning 22Computer Science

Using “Disposable” Passwords

• Simple idea: generate a long list of passwords,use each only one time– attacker gains little/no advantage by eavesdropping

on password protocol, or cracking one password• Disadvantages

– storage overhead– users would have to memorize lots of passwords!

• Alternative: the S/Key protocol– based on use of one-way (e.g. hash) function

CSC 474 Dr. Peng Ning 23Computer Science

S/Key Password Generation

1. Alice selects a password x2. Alice specifies n, the number of passwords

to generate3. Alice’s computer then generates a sequence

of passwords– x1 = H(x)– x2 = H(x1)– …– xn = H(xn-1)

x (Password)

x1

H H H H

x2 x3 x4

CSC 474 Dr. Peng Ning 24Computer Science

Generation… (cont’d)

4. Alice communicates (securely) to a server thelast value in the sequence: xn

• Key feature: no one knowing xi can easilyfind an xi-1 such that H(xi-1) = xi– only Alice possesses that information

99

CSC 474 Dr. Peng Ning 25Computer Science

Authentication Using S/Key

• Assuming server is in possession of xi …

i

xi-1

verifies H(xi-1) = xi

AliceServer

Is dictionary attack still possible?

CSC 474 Dr. Peng Ning 26Computer Science

Limitations

• Value of n limits number of passwords– need to periodically regenerate a new chain of

passwords• Does not authenticate server! Example

attack:1. real server sends i to fake server, which is

masquerading as Alice2. fake server sends i to Alice, who responds with xi-

1

3. fake server then presents xi-1 to real server

CSC 474 Dr. Peng Ning 27

Computer Science

Biometrics

1010

CSC 474 Dr. Peng Ning 28Computer Science

Biometrics

• Relies upon physical characteristics of peopleto authenticate them

• Desired qualities1. uniquely identifying2. very difficult to forge / mimic3. highly accurate, does not vary4. easy to scan or collect5. fast to measure / compare6. inexpensive to implement

– Which of these are concerns for passwords?

CSC 474 Dr. Peng Ning 29Computer Science

Assessment

• Convenient for users (e.g., you always haveyour fingerprints, never have to rememberthem), but…– potentially troubling sacrifice of private

information– no technique yet has all the desired properties

CSC 474 Dr. Peng Ning 30Computer Science

Example Biometric Technologies

• Signature / penmanship / typing style• Fingerprints• Palm geometry• Retina scan• Iris scan• Face recognition• Voice recognition

1111

CSC 474 Dr. Peng Ning 31Computer Science

The Scorecard From One Study

CSC 474 Dr. Peng Ning 32Computer Science

Multifactor Authentication

• If one characteristic is pretty good, two ormore characteristics should be better?

• Suppose true positive rate was AND of thetwo, and false positive rate was OR of thetwo…– TP = TP1 * TP2– FP = 1 - (1-FP1)*(1-FP2)

• Alternative: combine a biometric techniquewith passwords

CSC 474 Dr. Peng Ning 33

Computer Science

Authentication Hardware (Tokens)

1212

CSC 474 Dr. Peng Ning 34Computer Science

Tokens

• A token is a physical device that can be interfacedto the computer, and carries identifying information

• Types– passive tokens just store information– active tokens have processors and can perform

cryptographic operations

• Examples– cards with magnetic strips– smart cards– USB storage devices– RFID tags

CSC 474 Dr. Peng Ning 35Computer Science

Design Issues for Tokens

• Cost• Size• Capabilities• Robustness• Resistance to tampering• Usefulness if stolen / lost

CSC 474 Dr. Peng Ning 36Computer Science

An Example:Time Synchronized Tokens

• The token contains:– internal clock– display– a secret key

• Token computes a one-way function of currenttime+key, and displays that– this value changes about once per minute

• User reads this value and types it in to authenticate tothe server– requires that server and token time stays synchronized

1313

CSC 474 Dr. Peng Ning 37Computer Science

Another Example: Alladin eToken

Battery, 5 year lifetimePower source

RSA 1024-bit / 2048-bit*, DES, 3DES, SHA1SecurityAlgorithms

10 yearsData retention

6 charactersLCD

PKCS#11 v2.01, CAPI (Microsoft CryptoAPI), Siemens/Infineon APDU commands,PC/SC, X.509 v3 certificate storage, SSL v3,IPSec/IKE

API / standards

CSC 474 Dr. Peng Ning 38Computer Science

Summary

1. Passwords are by far the most widely usedform of authentication, despite numerousproblems

2. Biometrics hold promise but are expensive,inconvenient, and compromise privacy

3. Two factor authentication is commonly usedfor higher security

4. One-time passwords (S/Key) are attractive,especially if combined with hardware